Ricoh 2013 Annual Report Download - page 39

Download and view the complete annual report

Please find page 39 of the 2013 Ricoh annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 98

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98

Ricoh Group Sustainability Report 2013 38
฀WEB฀2฀Security Threats and Countermeasures
:
www.ricoh.com/about/security/products/mfp/countermeasure/
•฀Security฀threats฀in฀฀ ฀
offices
Unauthorized access
via networks
Unauthorized access
via telephone lines
Tapping and alteration of
information over the network
Unauthorized access via the
device’s operator panel
Information leaks via
hard copies
Information leaks from
storage media
Information leaks due
to carelessness
CC: Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408)
Common Criteria is an international standard for information security that provides assurance that the process of specication, implementation
and evaluation of a computer security product has been conducted in a rigorous and repeatable manner. Customers can use CC to confirm that a
product meets their security requirments and compare security specifications across different products.
Security in products and services: MFPs
In MFPs, the Ricoh Group was among the first to
introduce measures to prevent leaks of digital and
paper-based documents or falsification of data.
We consider all possible threats that may arise
during the lifecycle of a digital or paper-based
document — from the creation of a document
through its processing, storage, preservation and
disposal — and develop and deliver the functions
necessary to protect the document from those
threats.
For further security and to allow customers to
use Ricoh products with greater peace of mind, we
obtained international certification standards for a
wide range of products, including the ISO/IEC
15408 security function certification backed by an
objective third party, Common Criteria (CC).
The Ricoh Group will continue to safeguard
the information assets of our customers with
products adapted to their specific office
environment and security policies. We will also
issue reports on information security on a regular
basis and support our customers in implementing
security controls.
Security around MFP products
As the information society has grown, we have
become increasingly exposed to a variety of new
threats such as computer viruses, leaks of personal
information, and unauthorized access to data.
Devising measures to counter these threats is now an
imperative part of doing business.
These security threats are not limited to
computers, servers and networks, so it is essential to
set up and operate MFPs correctly. As one of the
first to focus on security measures for MFPs, we
have thoroughly considered all types of potential
security breaches. WEB฀2
Obtaining Common Criteria certification
To confirm the effectiveness of our security functions,
we applied for Common Criteria certification of
international security function standards (IEEE 2600.1),
and in February 2010 we became the world’s first
organization to obtain IEEE 2600.1 for an MFP, the
imagio MP 5000 SP/4000 SP (launched in February
2008). Since then, we have developed a broad line of
CC-certified products so that our customers can be
assured that their information is safe.
Hard disk security functions
Hard฀disk฀drive฀(HDD)฀encryption
Address฀books,฀authentication฀information฀and฀accumulated฀documents฀stored฀in฀
multifunction฀copiers฀are฀encrypted฀as฀they฀are฀stored.฀This฀function฀prevents฀information฀from฀being฀leaked฀even฀
if฀the฀hard฀disk฀drive฀is฀physically฀removed.
Data฀Overwrite฀Security฀System
When฀a฀document฀is฀scanned฀by฀an฀MFP฀or฀scanner,฀or฀when฀data฀is฀received฀from฀a฀computer,฀some฀data฀may฀be฀
stored฀on฀the฀hard฀disk฀drive฀or฀memory฀device฀—฀for฀example,฀temporary฀image฀data,฀data฀the฀user฀has฀chosen฀
to฀save,฀or฀device฀conguration฀data.฀When฀such฀data฀is฀no฀longer฀needed,฀this฀function฀erases฀the฀data฀by฀over-
writing฀it.
Encryption฀key฀protection฀via฀TPM฀(Trusted฀Platform฀Module)
TPM฀is฀a฀tamper-proof฀hardware฀security฀module฀that฀performs฀cryptographic฀functions฀and฀securely฀stores฀
cryptographic฀data.฀Ricoh฀uses฀the฀TPM฀to฀store฀the฀root฀encryption฀key฀that฀protects฀the฀hard฀disk฀data฀
encryption฀key฀and฀the฀digital฀certicate฀of฀the฀MFP,฀and฀to฀perform฀a฀trusted฀boot฀operation฀that฀validates฀MFP฀
rmware฀authenticity฀before฀permitting฀the฀MFP฀to฀operate.฀The฀root฀key฀and฀cryptographic฀functions฀are฀always฀
contained฀within฀the฀TPM฀and฀cannot฀be฀altered฀from฀outside.฀This฀provides฀high-level฀assurance฀of฀the฀validity฀of฀
the฀MFP’s฀rmware,฀device฀identity฀and฀hard฀disk฀security.฀
Overview Action Data & Profile
Information Security
ISO26000 : ฀Organizational฀governance฀฀฀Fair฀operating฀practices฀฀฀Consumer฀issues฀